Nightfall
HomeLoginDeveloper PlatformContact Us
Search…
Introduction
Why Cloud DLP?
Product Updates
Operationalizing DLP
Informing & Coaching Business Users
Running Historical Scans
Alert Management Guiding Principles
Integrating with Security Tools
Detection Engine
Getting Started
How Detection Works
Detectors
Detector Glossary
Configuring & Customizing Detectors
Choosing Detectors
Create Detection Rules for Real-Time vs Historical Scans
Detection Engine FAQs
Evaluating Detection
Nightfall for Slack
Nightfall for Slack: Demo Video
Getting Started
Alert Management
Remediation Guide
FAQs
Nightfall for Slack Overview
Nightfall for GitHub
Real-Time Scanning
Historical Scanning
Nightfall for GitHub Overview
Radar API Reference
Exporting Reports & Results
Integrating Webhook Endpoints
Integrating with Jira
Remediation Guide
Managed Services
FAQs
NIGHTFALL FOR GOOGLE DRIVE
Getting Started
Alert Management
Nightfall for Google Drive Overview
Remediation Guide
Historical Scanning
Nightfall for Confluence
Getting Started
Alert Management
Remediation Guide
Nightfall for Jira
Nightfall for Jira Overview
Remediation Guide
Getting Started
Account Management
User Administration
Authentication Options
Compliance
SOC 2 Compliance
HIPAA Compliance
PCI Compliance
Resources
FAQs
Login to Nightfall
Developer Platform
Platform Status
Contact Us
Powered By GitBook
Configuring & Customizing Detectors
With Nightfall, you can create custom detectors in two ways: using regular expressions (regexes), or starting from existing Nightfall machine learning detectors.

Regular Expressions

Short for regular expression, a regex is a string of text that allows you to create patterns that help match, locate, and manage text. If you want to look for a common pattern, you can create your own custom regex to search for that specific pattern. If a token is matched, Nightfall will alert with a confidence level of ‘Likely’.
Regexes must match the syntax outlined at this link. You can also give your regex a test drive using sample data at this link.

Extending Upon a Nightfall Detector

You can customize any existing machine learning-based Nightfall detector by adding exclusion rules and/or context rules.

Exclusion Rules (Allow List)

Exclusion rules in Nightfall act essentially as an “allow list,” enabling you to define data that should not trigger a DLP violation. One common example applies to the Email detector - many organizations choose to ignore instances of their own email domains.
Exclusion rules can be defined via regex, or with a dictionary (list) of items to allow.

Context Rules

Context Rules tell a detector to analyze the pre- and post- context around a token, looking for hot or cold words to assess the confidence level of the violation (context can uplevel or downlevel the detection confidence).
For example, a company may want to detect occurrences of their account numbers, which are 10-digit numbers. However, there are a lot of 10-digit numbers in the world, and such a broad detection rule could be very noisy. One option is to add context to the rule, such as the appearance of the strings “account” or “acct” near the token. An appearance of the token along with the context will be upweighted to a “very likely” violation, whereas the token without the context would be weighted as “possible.”
Context rules will typically be applied to custom detectors, as Nightfall’s machine learning detectors already take context into account. If you have a specific use case and want to understand the specific context analyzed by each detector, our team will be happy to speak with you.
Detection Engine - Previous
Detectors
Next
Choosing Detectors
Last modified 2mo ago
Copy link
Contents
Regular Expressions
Extending Upon a Nightfall Detector
Exclusion Rules (Allow List)
Context Rules